38 matches found
Astra Linux – Vulnerability in opensc
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process when using the pkcs15-init function. To exploit these vulnerabilities, an attacker must have physical access to the computer system and use a custom-constructed USB device or sma...
TencentOS Server 3: opensc (TSSA-2023:0324)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2023-45217
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: opensc (CVE-2023-40661)
The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40661 advisory. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollme...
Azure Linux 3.0 Security Update: opensc (CVE-2023-40661)
The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40661 advisory. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollme...
Linux Distros Unpatched Vulnerability : CVE-2023-40661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or...
SUSE CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
DEBIAN-CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-8443 Libopensc: heap buffer overflow in openpgp driver when generating key
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-8443 Libopensc: heap buffer overflow in openpgp driver when generating key
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-8443
CVE-2024-8443 is a heap-based buffer overflow in the libopensc OpenPGP driver. A crafted USB device or smart card that replies to APDUs during enrollment via pkcs15-init can trigger out-of-bounds access, potentially allowing arbitrary code execution. Public-affecting reports reference the OpenSC ...
CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
UBUNTU-CVE-2024-1454
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...
Fedora 39 : opensc (2023-a854153d7a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a854153d7a advisory. New upstream release 2240701 with security fixes for CVE-2023-40660, CVE-2023-4535, CVE-2023-40661 Tenable has extracted the preceding description...
AlmaLinux 8 : opensc (ALSA-2023:7876)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7876 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic...
OpenSC: multiple memory issues with pkcs15-init (enrollment tool)
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...
RHEL 8 : opensc (RHSA-2023:7876)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7876 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic...
Oracle Linux 9 : opensc (ELSA-2023-7879)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7879 advisory. - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyE...